Cyberattacks on electric power utilities are on the rise. From 2020 to 2022, weekly attacks more than doubled. An attack that exploits a vulnerability in intelligent electronic devices (IEDs) like power distribution units, relays, and circuit breakers can turn off the lights in a neighborhood or an entire city. On the surface, it seems simple enough to remediate vulnerabilities as soon as they’re reported, for example by upgrading firmware. The fact is, detecting and remediating vulnerabilities in operational technology (OT) poses a supersized challenge for utilities.
Take CPFL Energia, a Brazilian utility with 10.3 million customers. CPFL wanted to boost the security posture at its 600+ distribution substations, where high-voltage electricity is transformed to lower voltage for distribution to homes and businesses. The roadblock? You can’t secure what you can’t see, and CPFL’s operations team was in the dark about exactly what IEDs were deployed in substations. Just setting foot in a substation in Brazil requires a lengthy approval process, so some substations hadn’t been visited for months. OT visibility became urgent in 2021, when national grid operator ONS required utilities to conduct a cybersecurity vulnerability assessment.
Operations and IT teams join forces
The utility’s operations team knew it didn’t have the cybersecurity expertise to assess and mitigate risk. The IT team had the cybersecurity expertise but didn’t understand the finer points of substation operations, like which industrial protocols could be blocked to shrink the attack surface. So operations and IT decided to team up, pooling their strengths. The IT team saw the OT security project as an opportunity to meet another longstanding goal: upgrading the aging switches at substations to take advantage of advances like Power over Ethernet (PoE) and management automation.
OT visibility and switching in one box, with Cisco industrial switches
CPFL achieved both goals, vulnerability assessment and network modernization, with one solution: Cisco industrial switches. Included on the switches is Cisco Cyber Vision, software that automatically identifies all industrial and IT assets connected to the network, along with detailed characteristics and communication activities. The two-in-one solution is far simpler and less costly than CPFL’s other options: buying separate visibility appliances for each substation or else replicating network traffic to a control center with a centralized visibility appliance. Cisco’s industrial switches meet utilities’ stringent requirements, including the ability to withstand harsh environments, IEC 61850 certification to operate in high-voltage environments, and support for industrial protocols like DNP3 and Modbus TCP/IP.
Immediate payoff: 20 malware infections discovered
Today every transmission and distribution substation has been upgraded to Cisco Catalyst IE3400 Rugged Series switches with built-in Cyber Vision. With a glance at the Cyber Vision console, CPFL’s operations team can view a detailed inventory of all connected IEDs and workstations, including their software vulnerabilities.
“Right away Cyber Vision identified more than 20 cases of malware in the OT network, as well as many unneeded communication activities and protocols we could shut down to reduce the attack surface,” said Emerson Cardoso, CPFL’s chief information security officer. “We now have visibility into our critical grid network, the first step toward mitigating vulnerabilities and improving our security posture.”
Real-time alerts: the ones that count
CPFL’s security analysts now receive real-time alerts about critical events because CPFL integrated Cyber Vision with its security information and event management (SIEM) system. To avoid alert fatigue and make sure critical events are addressed quickly, the IT and OT teams worked together to define 20 types of security events that generate alerts. “Cyber Vision helped us overcome the challenge of integrating OT into our security operations center (SOC),” explains Cardoso. “Our security analysts now have visibility across both IT and OT to act on the alerts, manage risks, and enforce security policies throughout our networks.”
While deploying the new Cisco industrial switches, CPFL also deployed Cisco Secure Firewalls to filter industrial network traffic between substations and control centers. This gave IT the ability to contain malicious activities and keep threats from spreading to the entire infrastructure if a breach occurs.
Award-winning project benefiting operations, IT, and customers
With its new Cisco industrial switches, Cyber Vision, and Cisco firewalls, CPFL solved several challenges that utilities have struggled with for years. Operations teams gained visibility into grid assets and complied with a new regulation for vulnerability assessment and risk management. IT modernized substation networks and can monitor and contain threats to transmission and distribution operations.
The Brazilian cybersecurity community has taken note, recognizing CPFL and Emerson Cardoso as National Security Leaders of 2023. The award calls out CPFL’s comprehensive approach to cybersecurity and effective collaboration between OT and IT. In Cardoso’s words, “Having robust cybersecurity protections not only helps mitigate risks and protect our employees, it also ensures we can better serve our customers.”